On 19/03/2014 0:51, Lou Losee wrote:
> I also wonder if they truly mean password hashes, as in the ancient RACF password hash methods, or the more commonly used encryption method of securing passwords or, to be more technically correct, user ids.

I'm sure it is using the encryption method. The speed of password cracking on GPUs is fast enough that most hashes are vulnerable using traditional length passwords. RACF might be worse than some because the algorithm might not be specifically designed to be slow - I don't know.
The answer is to assume that anybody who can read the encrypted passwords of a system (password database, backups etc.) can crack some or all of them. RACF is no different to other systems in that regard. This isn't news - it has been SOP for as long as I have been in the industry.
An interesting article on the subject:
http://blog.codinghorror.com/speed-hashing/

Andrew Rowley
--
[email protected]
+61 413 302 386
